Data Processing Addendum
This Data Processing Addendum (DPA) describes how Mina Pro processes personal data on behalf of customer organizations. It forms part of, and is incorporated into, the Terms of Service.
1. Roles of the parties
For personal data contained in Customer Data, the customer organization is the controller (or, where applicable, processor on behalf of its own customers) and Mina Pro acts as a processor (or subprocessor). Mina Pro processes such personal data only on the documented instructions of the customer, including as set out in the Terms of Service and this DPA.
2. Scope and nature of processing
- Subject matter: provision of the Mina Pro mortgage loan management Services.
- Duration: for the term of the customer’s use of the Services.
- Purpose: hosting, processing, and transmitting Customer Data to provide the Services.
- Data subjects: borrowers, co-borrowers, and the customer’s staff users.
- Categories of data: contact details, account credentials, and mortgage loan information such as application (URLA / 1003) data, financial and employment details, identification documents, and loan conditions.
3. Confidentiality
Mina Pro ensures that personnel authorized to process personal data are bound by appropriate confidentiality obligations and access personal data only as needed to provide the Services.
4. Security measures
Mina Pro implements and maintains technical and organizational measures designed to protect personal data, including encryption in transit and at rest, access controls, network segmentation, logging, and monitoring. See our Security page for details.
5. Subprocessors
The customer authorizes Mina Pro to engage subprocessors to provide the Services, including cloud infrastructure and supporting vendors. Mina Pro imposes data-protection obligations on subprocessors consistent with this DPA and remains responsible for their performance. A current list of subprocessors is available on request, and we will provide notice of intended changes so the customer may object on reasonable grounds.
6. Data subject requests
Taking into account the nature of the processing, Mina Pro will assist the customer with appropriate technical and organizational measures, insofar as possible, to respond to requests from data subjects to exercise their rights. If we receive such a request directly, we will refer the individual to the relevant customer.
7. Personal data breach
Mina Pro will notify the customer without undue delay after becoming aware of a personal data breach affecting Customer Data and will provide information reasonably available to assist the customer in meeting its notification obligations.
8. International transfers
Where processing involves transfers of personal data across borders, the parties will rely on a valid transfer mechanism, such as the standard contractual clauses, where required by applicable law.
9. Audits
Mina Pro will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, subject to reasonable confidentiality and security constraints.
10. Return and deletion
Upon termination of the Services, Mina Pro will, at the customer’s choice, delete or return Customer Data within a reasonable period, except where retention is required by law.
11. Liability
Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service.
12. Contact
To request a countersigned copy of this DPA or the subprocessor list, contact legal@minapro.io.
